OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only the Least Significant Bit algorithm is supported for images).
fdd2de57852e1fd9cec19e7c576100a286c2be9c0fff14396e2cffa7e5548fdd
There is a directory traversal issue in the Telegram client for Android. The method saveFile in MediaController.java saves a file to external memory based on an optional name that is not filtered. The name is provided by the remote peer when sending a document or music file.
7ffd15f66d899cf5ad6ff6674833eb1870b4935ff336fb675f5220f416be335f
There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file to be written anywhere on the filesystem that the Outlook app can access when an attached image is viewed in the Outlook app.
bb3c8a7504d6e8c404b476e897caa56de42f921ba832cc4711f8ae78d2e13e4a
WordPress Placemarks plugin version 2.0.0 suffers from a persistent cross-site scripting vulnerability.
2ec1a0d99abb5947627baca39e075feb58469c6d5343d02372f0c7228f090bb6
WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross-site scripting vulnerability.
a1e26e9a88b4ddfb7ecd7cc345817ca900f281621be4abee4b9fc7cfe1b7235d
Red Hat Security Advisory 2017-3477-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.
822ce2a5a2219e619fcb8712952a12baa3716903009d2d8afeb6607985aa478a
Red Hat Security Advisory 2017-3476-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 2, and includes bug fixes.
e524f8ce7b2aeed25d1c47f9cedff0e1cc57e3fbd7aa76b24a33091b5f3ff83d
Red Hat Security Advisory 2017-3475-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 3 serves as a replacement of Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes.
7a80ddd064b974806ee57d0ef30c611ff93aa622e38490ed53afce00dc512af4
The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://), which makes it possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.
ebb137b7cf5aab3fa821e1160f32d5b277ad4a8d68b147107e0e492f7b821dd4
The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates an overly long user input to a stack variable without checking whether the destination buffer is long enough to hold the data. The binary also has important security features, such as the stack canary, turned off. The client registers a scheme handler (zoommtg://), which makes it possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected.
acc225bd1b21250c626dc4a00829cd53ab675137c05067793a79cfb388ed3cf7
Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.
603914e4682e0177547ee6bd36e55a016f2159b8a92243ba90bf9945fe6c0675
VLC versions 2.2.8 and below suffer from a type conversion vulnerability in the MP4 demux module.
517f22e30a6a226acec48ea2f884e2b4a520164bd32f90f3aac8dc1b5d910d2a
The nsd binary shipping with multiple camera security systems suffers from a format string vulnerability.
0158af91f1804a0e9359005af8cc870bf882c536878b03e5930291a42bb7217a
Apple Security Advisory 2017-12-13-6 - iOS 11.2 addresses issues relating to interception, memory corruption, and more. This advisory provides additional information for APPLE-SA-2017-12-6-2.
0700b7d62c4bc3fe36c2ec7cfeb5c1c5e6e09967ad7b4c1009f717451ef3dc57
Apple Security Advisory 2017-12-13-4 - iTunes 12.7.2 for Windows is now available and addresses code execution and privacy issues.
aa5097596f2bfaeb9ab9082bdbe17fa9e65549381b08ac0d414c19deb07a1d1c
Apple Security Advisory 2017-12-13-3 - iCloud for Windows 7.2 is now available and addresses code execution and privacy issues.
7ac83185c9a1a9ac2f52891fd6ae1e94392155c4ba0d8b820fb7de7b325c1d7e
This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker to upload a PHP shell onto the device and obtain arbitrary code execution as root.
33807dc92c51e0890223cb5aa8b949a564e99406df84abf4910ba71ac13c7512
Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.
8ab13efc336295285491e67bb93b942178089de67c2b16923268b0eb37c15fdf
FS Lynda Clone version 1.0 suffers from a remote SQL injection vulnerability.
aecd307ca8281200e3bc02c02d5c4c877da634481d5927a9933ff9a81d612574
Movie Guide version 2.0 suffers from a remote SQL injection vulnerability.
bbb4bc60fb105f8bc9b27bdfc9e417483f123d816c7a8951b0ed041de206f42a
Piwigo version 2.9.1 suffers from a remote SQL injection vulnerability.
391e9323ad2d0e765c5af2177dccde86a5f2dfb908dac96f7f9c21ef991ba6cd
Paid To Read Script version 2.0.5 suffers from a remote SQL injection vulnerability.
44f6707002867724e0db26bc31dec80abd0e46f55c7f653e46bca33cdae1db92
Readymade Video Sharing Script version 3.2 suffers from an HTML injection vulnerability.
405097151c57dc24d8d1c4dc18575cb08049480311638242a6184fe7f95ed8f0
Joomla! JEXTN Video Gallery component version 3.0.5 suffers from a remote SQL injection vulnerability.
f350a80b80cce843425e64573c055c8d430d4f5d30efa31e19bb4944152ab3d4
Joomla! JEXTN Question and Answer component version 3.1.0 suffers from a remote SQL injection vulnerability.
08bb0912ddc75094fa2f2e4f324af6e703f516935f1bf497a0b63d1729432e03